Source: awstats Version: 7.8-2 Severity: important Tags: security upstream Forwarded: https://github.com/eldy/AWStats/pull/226 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for awstats. CVE-2022-46391[0]: | AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to | printing a response from Net::XWhois without proper checks. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-46391 https://www.cve.org/CVERecord?id=CVE-2022-46391 [1] https://github.com/eldy/AWStats/pull/226 Regards, Salvatore

